Supplying challenge password in WSTEP Request Security Token RRS feed

  • Question

  • Hi all,

    We wish to use a SCEP server to handle all PKI operations including the first stage of MDM enrollment. Is this possible? In particular, we need to supply a challenge password during the WSTEP Request Security Token stage of enrollment. There is nothing explicit in the documentation to say whether or not this is possible but DM does clearly support SCEP further down the line for WiFi, etc. and it looks like it should be possible by supplying the extension in the GetPolicies request.

    We have tried defining the password as an X509 PKCS#9 extension (1.2.840.113549.1.9.7) in the GetPolicies request, assuming that this would simply be bundled into the signed PKCS#10 request, but this seemed to break the enrollment process completely.

    We have exhausted all avenues short of asking for outside help and are close to accepting that this isn't supported but just wanted to confirm this with anyone who may have more knowledge of this area.

    Thank you in advance for any help you have to offer.


    Monday, June 29, 2015 7:36 AM

All replies